Lots of non-savvy users may be recycling previously hacked creds

Group video chat app Houseparty has offered a $1m bounty to identify what it claims is an organised campaign to falsely depict it as a hackers' backdoor.

Announced at 4am UTC on the firm's Twitter account, the million-dollar bounty is being offered to "the first individual to provide proof of such a campaign," with Epic Games, the firm behind Houseparty, alleging this effort is "a paid commercial smear… to harm Houseparty."

The app has exploded in popularity since most of the world entered coronavirus lockdown as a replacement for interacting within venues such as pubs, coffee shops and restaurants. Most people use it to livestream themselves drunkenly trying out filters that turn their fizzogs into cartoon dogs and so on.

Over the last few days, rumours have been seeded on Twitter that Houseparty is linked to people's online accounts being hacked. The ever-reliable online wing of the Daily Mailgathered together a slack handful of tweets alleging Houseparty was the cause of account compromises. El Reg had a quick look at the first account mentioned in the Mail writeup and discovered a Twitter thread where the account operator cheerfully admitted to reusing usernames and passwords across different sites: an obvious path to multi-account compromise.

While The Register is not aware of any genuine concerns over Houseparty, these particular rumours do seem short of the mark. Bored readers trapped at home might enjoy using some social media verification techniques (PDF, 79 pages, dates back to 2016 but the basics are sound) to check out more of the same.

"We've found no evidence to suggest a link between Houseparty and the compromises of other unrelated accounts," a spokesperson for Epic Games told the BBC.